Apple has issued an apology 'to all Mac users' following the discovery of a major root password vulnerability discovered in macOS High Sierra. The company has also released a security update which will be automatically installed on all systems running High Sierra 10.13.1.
--- Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.
When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.
We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again. ---
Security Update 2017-001 ● Available for: macOS High Sierra 10.13.1 ● Not impacted: macOS Sierra 10.12.6 and earlier ● Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password ● Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation. ● CVE-2017-13872
When you install Security Update 2017-001 on your Mac, the build number of macOS will be 17B1002.
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (4)
Comments are closed for this article.
0
D4xM4Nx - November 30, 2017 at 8:57am
How about compensating us for the security risk, Apple? I was already covered, but most folks aren't tech savvy and they were put into a dangerous path... Problems happen, when people are so obsessed looking for flaws, they're always gonna find them. At least Apple acted quickly, searching for feedback from users to make sure this update isn't a dud.
0
iPho Soup - November 29, 2017 at 7:35pm
"[O]ur security engineers became aware of the issue Tuesday afternoon..." TUESDAY afternoon when it should've been known to them at least two weeks earlier (referenced by fristle on Twitter).
0
Irfy - November 29, 2017 at 5:40pm
It seems like Apple is facing significant challenges with quality control and maintaining the standard of excellence expected of the company.
0
ACKTUALLY - November 30, 2017 at 1:15am
Apple hasn't been a great company or at least a visionary one in years.
The iPhone was last exciting in it's 5/SE form factor.
Handsets are about to start going down in size and it looks like Samsung & Huawei, Honor, OnePlus - and even Google (HTC) are about to be able to lap them.
I'm writing this on a MacBook & as an iPhone user myself - their IP is stale and boring now. Face ID is now a two step process which i'm sure will be part of a third hack and identity theft within a year.
They release unpolished versions of iOS and this current root hack loophole on MacOS just looks bush league.
I've been using Macs since 1999, never anything else and the last year alone has seen so many missteps and problems it makes me wonder what i'm doing.
iPhone X is a let down. A literal notch or in this case a bump in their storied history as a tech giant.
When they start manufacturing their own OLED displays, camera tech & borrowing Android UI and push themselves to be the company that i drew up on again i'll give them another chance - right now i'm sticking to my iPhone 7 and waiting for 1st quarter of 2018 and CES to see what i'll use next on Android.
![Apple Seeds Third Betas of watchOS 26.3, tvOS 26.3, and visionOS 26.3 to Developers [Download]](/images/news/99748/99748/99748-160.jpg "Apple Seeds Third Betas of watchOS 26.3, tvOS 26.3, and visionOS 26.3 to Developers [Download]")
![Apple Releases iOS 26.3 Beta 3 and iPadOS 26.3 Beta 3 to Developers [Download]](/images/news/99746/99746/99746-160.jpg "Apple Releases iOS 26.3 Beta 3 and iPadOS 26.3 Beta 3 to Developers [Download]")
![Apple Releases iOS 26.2.1 and iPadOS 26.2.1 With Support for New AirTag [Download]](/images/news/99744/99744/99744-160.jpg "Apple Releases iOS 26.2.1 and iPadOS 26.2.1 With Support for New AirTag [Download]")
![Apple Releases watchOS 26.2.1 for Apple Watch [Download]](/images/news/99743/99743/99743-160.jpg "Apple Releases watchOS 26.2.1 for Apple Watch [Download]")
![Apple's 13-Inch M5 iPad Pro (Silver) Hits New All-Time Low at $1,149.99 [Deal]](/images/news/99729/99729/99729-160.jpg "Apple's 13-Inch M5 iPad Pro (Silver) Hits New All-Time Low at $1,149.99 [Deal]")
![Apple's 13-Inch M5 iPad Pro (1TB) Hits New All-Time Low at $1,706 [Deal]](/images/news/99716/99716/99716-160.jpg "Apple's 13-Inch M5 iPad Pro (1TB) Hits New All-Time Low at $1,706 [Deal]")
![Apple Pro Display XDR Drops to $3,999 With Massive $1,000 Discount [Deal]](/images/news/99684/99684/99684-160.jpg "Apple Pro Display XDR Drops to $3,999 With Massive $1,000 Discount [Deal]")
![Beats iPhone 17 Pro Kickstand Case Drops to $20.99, 64% Off [Deal]](/images/news/99680/99680/99680-160.jpg "Beats iPhone 17 Pro Kickstand Case Drops to $20.99, 64% Off [Deal]")
